WireGuard on FreeBSD
After upgrading my system to FreeBSD 14.0 I have decided to try WireGuard.
I have never used it before, and even after reading wg(8) I didn't really know how to make it work.
After reading a few articles I found out about wg-quick(8), which made the whole setup a bit simpler.
WireGuard is now part of the FreeBSD kernel so there is no need to install it manually.
The only thing I have installed is
wireguard-tools to get
pkg install wireguard-tools
You need to get a WireGuard INI-like config file from your provider.
See the example below from the
wg(8) man pages.
[Interface]
PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
ListenPort = 51820

[Peer]
PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
Endpoint = 220.127.116.11:1234
AllowedIPs = 10.192.122.3/32, 10.192.124.1/24
Next we need to generate a public and private key for our machine.
I created the /etc/wireguard/ directory and ran the following as the root user:
umask 077
wg genkey | tee private.key | wg pubkey > public.key
WireGuard protects these files by enforcing that only root should be able to read them.
This is why we run
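A way to confirm that no key or config file in the WireGuard directory is accessible to group or others, as an added example that is not part of the original post. The function names are hypothetical and the directory is passed as an argument.

```sh
#!/bin/sh
# Added example (not from the original post): audit a WireGuard directory
# for key/config files that anyone other than the owner can access.
# Function names are hypothetical; pass the directory as an argument.

# Print regular files under $1 that have any group/other permission bit set.
# Only POSIX find primaries are used, so FreeBSD and GNU find both work.
wg_loose_files() {
    find "$1" -type f \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when nothing is exposed, 1 when something is, 2 on a bad path.
wg_audit() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    loose=$(wg_loose_files "$dir")
    if [ -n "$loose" ]; then
        echo "accessible by group/others:" >&2
        echo "$loose" >&2
        return 1
    fi
    return 0
}

# Restrict every flagged file to owner read/write, which is the mode
# new files get when they are created under umask 077.
wg_fix() {
    wg_loose_files "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Run as a script: sh wg-perms.sh --audit /etc/wireguard
if [ "${1:-}" = "--audit" ]; then
    wg_audit "${2:-/etc/wireguard}"
fi
```

A file created before the umask was tightened, such as a config copied in from elsewhere, is the usual thing this flags.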
You can move your config file to
This is the default directory that
wg-quick uses to find config files.
You can start WireGuard by providing the path to the config file:
wg-quick up /etc/wireguard/sample.conf
or provide just the config name if it's inside
wg-quick up sample
You can disable it with
wg-quick down sample and see running connections with